Multiprotocol BGP 1 MPLS VPN. Agenda. Multiprotocol BGP 2

MPLS VPN
Peer to Peer VPNs
MPLS-VPN v4.7

Agenda
- MP-BGP
- VPN Overview
- MPLS VPN Architecture
- MPLS VPN Basic VPNs
- MPLS VPN Complex VPNs
- MPLS VPN Configuration (Cisco)
  - CE-PE OSPF Routing
  - CE-PE Static Routing
  - CE-PE RIP Routing
  - CE-PE External BGP Routing

Multiprotocol BGP 1
- BGP-4 (RFC 1771) is capable of carrying routing information only for IPv4
- The only three pieces of information carried by BGP-4 that are IPv4 specific are
  - the NEXT_HOP attribute (expressed as an IPv4 address)
  - the AGGREGATOR (contains an IPv4 address)
  - the NLRI (expressed as IPv4 address prefixes)
- Multiprotocol Extensions to BGP-4 (RFC 2858) enable it to carry routing information for multiple network layer protocols (e.g., IPv6, IPX, etc.)

Multiprotocol BGP 2
- To enable BGP-4 to support routing for multiple network layer protocols two things have to be added
  - the ability to associate a particular network layer protocol with the next hop information
  - the ability to associate a particular network layer protocol with an NLRI
- To identify individual network layer protocols Address Family Identifiers (AFI) are used
  - values defined in RFC 1700
  - RFC 1700 is historic, obsoleted by RFC 3232
  - RFC 3232 specifies an Online Database for ASSIGNED NUMBERS: www.iana.org

Address Family Numbers (RFC 1700)

Number   Description
------   -----------
0        Reserved
1        IP (IP version 4)
2        IP6 (IP version 6)
3        NSAP
4        HDLC (8-bit multidrop)
5        BBN 1822
6        802 (includes all 802 media plus Ethernet "canonical format")
7        E.163
8        E.164 (SMDS, Frame Relay, ATM)
9        F.69 (Telex)
10       X.121 (X.25, Frame Relay)
11       IPX
12       AppleTalk
13       Decnet IV
14       Banyan Vines
65535    Reserved

Multiprotocol BGP 3
- Capability Advertisement Procedures are used by a BGP speaker to determine whether the speaker could use multiprotocol extensions with a particular peer or not -> RFC 3392
- done during BGP Open with Capabilities Optional Parameter (Parameter Type 2)

+------------------------------+
| Capability Code (1 octet)    |
+------------------------------+
| Capability Length (1 octet)  |
+------------------------------+
| Capability Value (variable)  |
+------------------------------+

- Capability Code unambiguously identifies individual capabilities.
- Capability Value is interpreted according to the value of the Capability Code field.

Multiprotocol BGP 4
- Address Family Identifier (AFI)
  - in MP-BGP this parameter is used to differentiate routing updates of different protocols carried across the same BGP session
  - it is a 16-bit value
- MP-BGP uses an additional Sub-Address Family Identifier (SAFI)
  - it is an 8-bit value
  - 1: NLRI used for unicast forwarding
  - 2: NLRI used for multicast forwarding
  - 3: NLRI used for both unicast and multicast forwarding
- Usual notation AFI/SAFI (i.e. x/y)
  - 1/1: IP version 4 unicast
  - 1/2: IP version 4 multicast
  - 1/128: VPN-IPv4 unicast (used for MPLS-VPN)

Multiprotocol BGP 4
- Two new attributes
  - Multiprotocol Reachable NLRI (MP_REACH_NLRI)
  - Multiprotocol Unreachable NLRI (MP_UNREACH_NLRI)
- MP_REACH_NLRI is used to carry the set of reachable destinations together with the next hop information to be used for forwarding to these destinations
- MP_UNREACH_NLRI is used to carry the set of unreachable destinations
- Both of these attributes are optional and non-transitive

BGP Update Message Format for IPv4
- Unfeasible Routes Length (two octets): pointer to end of the variable WR field
- Withdrawn Routes (WR, variable)
- Total Path Attribute Length (two octets): pointer to end of the variable PA field
- Path Attributes (PA, variable)
- NLRI (variable)

BGP Update Message Details for IPv4
- NLRI
  - 2-tuples of (length, prefix)
  - length = number of masking bits (1 octet)
  - prefix = IP address prefix (1-4 octets)
  - note: prefix field contains only necessary bits to completely specify the IP address followed by enough trailing bits to make the end of the field fall on an octet boundary
- path attributes are composed of triples of (type, length, value) -> TLV notation
  - attribute type (two octets): 8 bit attribute flags, 8 bit attribute type code
  - attribute length (one or two octets): signaled by attribute flag-bit nr.4
  - attribute value (variable length): content depends on meaning signaled by attribute type code

IPv4 Path Attribute Format / NLRI Format
- Path Attribute Format
  - Attribute Type: Attr. Flags (1 octet), Attr. Type Code (1 octet)
  - Attribute Length (1-2 octet)
  - Attribute Value (variable octets)
- NLRI
  - Length (1 octet)
  - Prefix (1-4 octets)

VPN-IPv4 BGP Update with MP_Reach_NLRI
- Path Attribute MP_Reach_NLRI
  - Attr. Flags (1 octet)
  - Type Code = 14 (1 octet)
  - Attribute Length (1 octet)
  - AFI = 1
  - SAFI = 128
  - Length of NHA
  - Next Hop Address (NHA, 1-4 octets)
- NLRI for VPN-IPv4
  - Length = 120 (1 octet)
  - Label (3 octets = 24 bits)
  - Route Distinguisher (8 octets = 64 bits)
  - IPv4 address (4 octets = 32 bits)
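The path attribute header and the VPN-IPv4 NLRI layout above, decoded from raw octets with length checks at every step; this is an added example, not code from the original slides. It follows RFC 4760 and RFC 4364 on the wire (a 12-octet next hop made of a zero RD plus the IPv4 address, then one reserved octet before the NLRI); the next hop 10.255.1.1 and all function names are assumptions.

```python
"""Decode a VPN-IPv4 MP_REACH_NLRI path attribute from raw octets."""
import ipaddress
import struct

MP_REACH_NLRI = 14            # attribute type code
AFI_IPV4, SAFI_VPN = 1, 128   # AFI/SAFI 1/128 = VPN-IPv4 unicast


def parse_attr_header(buf):
    """Split one path attribute TLV into (flags, type_code, value, rest)."""
    if len(buf) < 3:
        raise ValueError("truncated attribute header")
    raw, type_code = buf[0], buf[1]
    ext = bool(raw & 0x10)                 # 4th flag bit: two-octet length field
    hdr = 4 if ext else 3
    length = int.from_bytes(buf[2:hdr], "big")
    if len(buf) < hdr + length:
        raise ValueError("attribute value runs past end of buffer")
    flags = {"optional": bool(raw & 0x80), "transitive": bool(raw & 0x40),
             "partial": bool(raw & 0x20), "extended_length": ext}
    return flags, type_code, buf[hdr:hdr + length], buf[hdr + length:]


def parse_rd(rd):
    """Render an 8-octet Route Distinguisher (sub-formats per RFC 4364)."""
    rd_type = int.from_bytes(rd[:2], "big")
    if rd_type == 0:                       # 2-octet AS : 4-octet number
        return "%d:%d" % struct.unpack("!HI", rd[2:])
    if rd_type == 1:                       # IPv4 address : 2-octet number
        return f"{ipaddress.IPv4Address(rd[2:6])}:{int.from_bytes(rd[6:], 'big')}"
    if rd_type == 2:                       # 4-octet AS : 2-octet number
        return "%d:%d" % struct.unpack("!IH", rd[2:])
    raise ValueError(f"unknown RD type {rd_type}")


def parse_vpnv4_nlri(buf):
    """Decode every (length, label, RD, prefix) entry in the NLRI field."""
    routes = []
    while buf:
        bits = buf[0]                      # counts label + RD + prefix bits
        if not 88 <= bits <= 120:          # 24 + 64 + (0..32)
            raise ValueError(f"bad VPN-IPv4 NLRI length {bits}")
        nbytes = (bits + 7) // 8
        body = buf[1:1 + nbytes]
        if len(body) < nbytes:
            raise ValueError("NLRI entry runs past end of attribute")
        label_field = int.from_bytes(body[:3], "big")
        prefix = ipaddress.IPv4Network(
            (body[11:].ljust(4, b"\0"), bits - 88), strict=False)
        routes.append({"label": label_field >> 4,          # top 20 bits
                       "bottom_of_stack": bool(label_field & 1),
                       "rd": parse_rd(body[3:11]),
                       "prefix": str(prefix)})
        buf = buf[1 + nbytes:]
    return routes


def parse_mp_reach_vpnv4(value):
    """Decode an MP_REACH_NLRI value for AFI/SAFI 1/128 (RFC 4760 layout)."""
    if len(value) < 4:
        raise ValueError("truncated MP_REACH_NLRI")
    afi, safi, nh_len = struct.unpack("!HBB", value[:4])
    if (afi, safi) != (AFI_IPV4, SAFI_VPN):
        raise ValueError(f"not VPN-IPv4: AFI/SAFI {afi}/{safi}")
    if nh_len != 12 or len(value) < 4 + nh_len + 1:
        raise ValueError("unexpected next-hop length")
    next_hop = ipaddress.IPv4Address(value[12:16])   # after the 8-octet zero RD
    return {"next_hop": str(next_hop),
            "routes": parse_vpnv4_nlri(value[17:])}  # skip 1 reserved octet


def decode_mp_reach(buf):
    """Validate the attribute header, then decode the VPN-IPv4 routes."""
    flags, type_code, value, _ = parse_attr_header(buf)
    if type_code != MP_REACH_NLRI:
        raise ValueError(f"not MP_REACH_NLRI: type {type_code}")
    if not flags["optional"] or flags["transitive"]:
        raise ValueError("MP_REACH_NLRI must be optional non-transitive")
    return parse_mp_reach_vpnv4(value)


def build_sample():
    """Constructed sample: RD 30:1, 10.10/16, label 3248 as on the slides;
    the next hop 10.255.1.1 is an assumed value."""
    label = ((3248 << 4) | 1).to_bytes(3, "big")      # bottom-of-stack bit set
    rd = struct.pack("!HHI", 0, 30, 1)
    nlri = bytes([24 + 64 + 16]) + label + rd + bytes([10, 10])
    next_hop = bytes(8) + ipaddress.IPv4Address("10.255.1.1").packed
    value = (struct.pack("!HBB", AFI_IPV4, SAFI_VPN, len(next_hop))
             + next_hop + b"\0" + nlri)
    return bytes([0x80, MP_REACH_NLRI, len(value)]) + value


if __name__ == "__main__":
    print(decode_mp_reach(build_sample()))
```

A /16 prefix gives an NLRI length of 104 bits rather than the 120 shown for a full 32-bit address, because only the significant prefix octets are sent.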

Format of Attribute-Type
- 8 bit attribute flags
  - 1. bit (MSB): optional (1) or well-known (0)
  - 2. bit: transitive (1) or non-transitive (0); only for optional; set to 1 for well-known
  - 3. bit: partial (1) or complete (0); set to 0 for well-known and optional non-transitive
  - 4. bit: two octet (1) or one octet (0) attribute length field
- 8 bit attribute type code
  - values 1-16 currently defined

Classification of Attributes 1
- well-known
  - must be recognized by all BGP implementations
- well-known mandatory
  - must be included in every Update message
  - Origin, AS_Path, Next_Hop
- well-known discretionary
  - may or may not be included in every Update message
  - Local_Preference, Atomic_Aggregate
- all well-known attributes must be passed along to other BGP peers
  - some will be updated properly first, if necessary

Classification of Attributes 2
- optional
  - it is not required or expected that all BGP implementations support all optional attributes
  - may be added by the originator or any AS along the path
  - paths are accepted regardless of whether the BGP peer understands an optional attribute or not
- handling of recognized optional attributes
  - propagation of attribute depends on meaning of the attribute
  - propagation of attribute is not constrained by transitive bit of attribute flags but depends on the meaning of the attribute

Classification of Attributes 3
- handling of unrecognized optional attribute
  - propagation of attribute depends on transitive bit of attribute flags
- transitive
  - paths are accepted (attribute is ignored) and attribute remains unchanged when path is passed along to other peers
  - attribute is marked as partial (bit 3 of attribute flags)
  - example: Community
- non-transitive
  - paths are accepted, attribute is quietly ignored and discarded when path is passed along to other peers
  - example: Multi_Exit_Discriminator

Currently Defined Attributes 1
- Basic attributes defined in RFC 1771 (Draft Standard)
  - Origin: well-known mandatory; type 1
  - AS_Path: well-known mandatory; type 2
  - Next_Hop: well-known mandatory; type 3
  - Multi_Exit_Discriminator (MED): optional non-transitive; type 4
  - Local_Preference: well-known discretionary; type 5

Currently Defined Attributes 2
- Basic attributes (cont.)
  - Atomic_Aggregate: well-known discretionary; type 6
  - Aggregator: optional transitive; type 7
- these are the attributes that you can rely on in a multivendor environment

Currently Defined Attributes 3
- Advanced attributes
  - Community: optional transitive; type 8; defined in RFC 1997 (Proposed Standard)
  - Originator_ID: optional non-transitive; type 9; defined in RFC 1966 (Experimental) and RFC 2796 (Proposed Standard) -> Route Reflector
  - Cluster_List: optional non-transitive; type 10; defined in RFC 1966 (Experimental) and RFC 2796 (Proposed Standard) -> Route Reflector

Currently Defined Attributes 4
- Advanced attributes (cont.)
  - Multiprotocol Reachable NLRI (MP_REACH_NLRI): optional non-transitive; type 14; defined in RFC 2858 (Proposed Standard) -> Multiprotocol Extensions
  - Multiprotocol Unreachable NLRI (MP_UNREACH_NLRI): optional non-transitive; type 15; defined in RFC 2858 (Proposed Standard) -> Multiprotocol Extensions
- in a multi-vendor environment carefully check implementation details

Community Attribute Review 1
- optional transitive attribute
- community is a group of destinations that share a common property
  - group of networks which should be handled by a foreign AS in a certain way
  - community is not restricted to one network or one AS
- community attributes are used
  - to simplify routing policy based on logical properties rather than IP prefix or AS number (= physical location)
  - to tag routes to ensure consistent filtering or route-selection policy

Community Attribute Review 2
- 32 bit values (range 0-4.294.967.200)
- well-known communities
  - 0xFFFFFF01: No_Export
  - 0xFFFFFF02: No_Advertise
- private communities
  - value range 0x00010000 to 0xFFFEFFFF
- common practice for using private communities:
  - high order 16 bit: number of AS which is responsible for defining the meaning of the community
  - low order 16 bit: definition of meaning; might have only local significance within the defining AS

BGP Draft Attributes 1
- BGP Extended Communities Attribute
  - consists of a set of "extended communities"
  - optional transitive; type 16
  - defined in draft-ietf-idr-bgp-ext-communities-07.txt
- two important enhancements over the existing BGP Community Attribute:
  - it provides an extended range, ensuring that communities can be assigned for a plethora of uses, without fear of overlap.
  - the addition of a type field provides structure for the community space.
- Important for MPLS_VPN
  - Route Target Community
  - Route Origin Community

BGP Draft Attributes 2
- Route Target: The Route Target Community identifies one or more routers that may receive a set of routes (that carry this Community) carried by BGP. This is transitive across the Autonomous system boundary. It really identifies only a set of sites which will be able to use the route, without prejudice to whether those sites constitute what might intuitively be called a VPN.
- Route Origin: The Route Origin Community identifies one or more routers that inject a set of routes (that carry this Community) into BGP. This is transitive across the Autonomous system boundary.

BGP Draft Attributes 3
- Route Target and Route Origin
  - type: 2 octets (extended form of this attribute)
    - high octet -> 00, 01, 02 -> defines the structure of the value field
    - low octet -> defines the actual type
  - value: 6 octets
- Route Target:
  - high octet type: 0x00 or 0x01 or 0x02
  - low octet type: 0x02
- Route Origin:
  - high octet type: 0x00 or 0x01 or 0x02
  - low octet type: 0x03

BGP Draft Attributes 4
- Structure of value field based on high octet part of type
  - 0x00:
    - 2 octets Global Administrator Field (IANA assigned AS #)
    - 4 octets Local Administrator Field (actual value of given type contained in low octet part of type)
  - 0x01:
    - 4 octets Global Administrator Field (IP address assigned by IANA)
    - 2 octets Local Administrator Field
  - 0x02:
    - 4 octets Global Administrator Field (IANA assigned 4 octet AS #)
    - 2 octets Local Administrator Field

Classical VPNs
- X.25, Frame Relay or ATM in the core
  - dedicated physical switch ports for every customer's CPE: router, bridge, computer
- customer traffic separation in the core done by concept of virtual circuit
  - PVC service: management overhead
  - SVC service with closed user group feature: signaling overhead
- separation of customers inherent to virtual circuit technique
- privacy is aspect of customer
  - in most cases overlooked
- VPNs based on Overlay Model

Physical Topology of Classical VPN
[Figure: locations A0-A3 and B0-B3 attached to WAN switches]

Logical Topology Classic VPN (1)
[Figure: locations A0-A3 and B0-B3; Hub and Spoke, Partial Mesh]

Logical Topology Classic VPN (2)
[Figure: locations A0-A3 and B0-B3; Full Mesh]

Virtual Private Networks based on IP
- single technology end-to-end
  - IP forwarding and IP routing
- no WAN switches in the core based on different technology (X.25, FR or ATM)
  - administered by different management techniques
- but accounting and quality of service just coming in the IP world
  - X.25, FR and ATM have it already
- often private means cases control over separation but not privacy
  - data are seen in clear-text in the core
  - encryption techniques can solve this problem but encryption means must be in the hand of the customer
- VPNs based on Peer Model

Physical Topology IP VPN
[Figure: locations A0-A3 and B0-B3 connected through Customer Edge routers to Provider Edge (PE) routers, with Core Routers (P) between the PEs]

Possible Solutions for IP VPNs
- IP addresses of customers non overlapping
  - filtering and policy routing techniques can be used in order to guarantee separation of IP traffic
  - exact technique depends on who manages routes at the customer site
- IP addresses of customers overlapping
  - tunneling techniques must be used in order to guarantee separation of IP traffic
  - GRE
  - L2F, PPTP, L2TP
  - MPLS-VPN
- If privacy is a topic encryption techniques must be used
  - SSL/TLS, IPsec

Tunneling Solutions for IP VPNs
- Tunneling techniques are used in order to guarantee separation of IP traffic
- IP in IP Tunneling or GRE (Generic Routing Encapsulations)
  - Bad performance on PE router
- PPTP or L2TP for LAN to LAN interconnection
  - Originally designed for PPP Dial-up connections
  - LAN - LAN is just a special case
- MPLS-VPN
  - Best performance on PE router
- In all these cases
  - Privacy still an aspect of the customer

Tunneling IP VPNs without Encryption
[Figure: Company A Intranet sites connected across the Internet. One Virtual Private Network (VPN) uses tunneling between customer edge routers, e.g. GRE; another uses tunneling between PE routers of ISP provider, e.g. MPLS VPN]

Encryption Solutions for IP VPNs
- If privacy is a topic tunneling techniques with encryption are used in order to hide IP traffic
- SSL (secure socket layer)
  - Usually end-to-end
  - Between TCP and Application Layer
- IPsec
  - Could be end-to-end
  - Could be between special network components (e.g. firewalls, VPN concentrators) only
  - Between IP and TCP/UDP Layer
- PPTP and L2TP Tunnels
  - With encryption turned on via PPP option

Tunneling IP VPNs without Encryption
[Figure: Company A Intranet sites connected across the Internet. One Virtual Private Network (VPN) uses encryption between customer edge routers or border firewalls, e.g. IPsec; another uses encryption between IP hosts, e.g. SSL/TLS, IPsec]

SSL/TLS versus IPsec
[Figure: two protocol stacks, each split between Application and OS]
- SSL/TLS stack: Application, SSL / TLS, TCP, IP, Lower Layers
  - Application must be aware of new application programming interface (new API)
- IPsec stack: Application, TCP, IPsec, IP, Lower Layers
  - Application can use standard application programming interface (standard API)

Two Major VPN Paradigms
- Overlay VPNs:
  - Transparent P2P links
  - Well-known technology
  - Provider does not care about customer routing
  - Best customer isolation
- Peer VPNs:
  - Participation in Provider-routing
  - Optimum routing
  - Simple provision of additional VPN
  - Problems with address space

MPLS VPN Best of Both Worlds
- Combines VPN Overlay model with VPN Peer model
- PE routers allow route isolation
  - By using Virtual Routing and Forwarding Tables (VRF) for differentiating routes from the customers
  - Allows overlapping address spaces
- PE routers participate in P-routing
  - Hence optimum routing between sites
  - Label Switched Paths are used within the core network
  - Easy provisioning (sites only)
- Overlapping VPNs possible
  - By a simple (?) attribute syntax

MPLS VPN Principles
- Requires MPLS Transport within the core
  - Using the label stack feature of MPLS
- Requires MP-BGP among PE routers
  - Supports IPv4/v6, VPN-IPv4, multicast
  - Default behavior: BGP-4
- Requires VPN-IPv4 96 bit addresses
  - 64 bit Route Distinguisher (RD)
  - 32 bit IP address
- Every PE router uses one VRF for each VPN
  - Virtual Routing and Forwarding Table (VRF)

MPLS-VPN
[Figure: IP Network with MPLS-Switching plus MPLS-Application VPN. PE routers connect customer networks 176.16.1.0, 176.16.2.0, 176.16.3.0 and 176.16.4.0; MPLS-Paths (= Tunnels) run between the PE routers]

CE-Router Perspective
[Figure: CE-routers attached to the PE-routers of the MPLS VPN Backbone]
- CE (Customer Edge) routers run standard IP routing software and exchange routing updates with the PE-router
  - EBGP, OSPF, RIPv2 or static routes are supported
- PE (Provider Edge) router appears as just another router in the customer's network

P-Router Perspective
[Figure: MPLS VPN Backbone with PE-router, P-router, PE-router]
- P (Provider) routers do not participate in MPLS VPN routing and do not carry VPN (customer) routes
- P-routers run backbone IGP like OSPF or IS-IS with the PE-routers

PE-Router Perspective
[Figure: MPLS VPN Backbone with PE-router, P-router, PE-router; MP-BGP between the PE-routers, VPN routing towards the CE-routers, Core IGP inside the backbone]
- PE-routers contain a number of routing tables:
  - Global routing table that contains core routes (filled with core IGP)
  - Virtual Routing and Forwarding (VRF) tables for sets of sites with identical routing requirements
  - VRFs are filled with information from CE-routers and MP-BGP information from other PE-routers

PE-Router Perspective
[Figure: same backbone as above]
- PE-routers:
  - Exchange VPN routes with CE-routers via per-VPN routing protocols
  - Exchange core routes with P-routers and PE-routers via core IGP
  - Exchange VPN-IPv4 routes with other PE-routers via Internal MP-BGP sessions

MPLS VPN using MPLS Label Stack
[Figure: packet of VPN_A between two LERs across LSR P2, shown as IP packet, then IGP Label + VPN Label + IP packet, then VPN Label + IP packet, then IP packet]
- 1.) receives IP packet
  - Lookup is done on RT for given VPN
  - BGP route with Next-Hop and VPN Label is found
  - BGP next-hop () is reachable through IGP route with associated label
- 2.) P routers switch the packets based on the IGP label (label on top of the stack)
- 3.) Penultimate Hop Popping
  - P2 is the penultimate hop for the BGP next-hop
  - P2 removes the top label
- 4.) receives the packets with the VPN label corresponding to the outgoing RT of the given VPN
  - One single lookup
  - Label is popped and packet sent to IP neighbor

VPN MPLS Architecture 1
[Figure: AS30 with routers P2, P3 and PE3; customer network 10.40.0.0/16; Orange Customer and Green Customer sites]
- 3 Customer Networks are connected to MPLS VPN service provider
- Basic scenario: VPNs are not overlapping -> that means they are totally separated from each other

VPN MPLS Architecture 2
[Figure: AS30 with routers P2, P3 and PE3; customer network 10.40.0.0/16]
- Provider routers P (LSRs) are in the core of the MPLS cloud
- Provider Edge routers PE (LER) use MPLS within the core and plain IP with CE routers
- PE routers are fully meshed concerning Internal MP-BGP Sessions
- P and PE routers share a common IGP (e.g. OSPF or IS-IS)
- Customer Edge routers CE connect customer sites to provider

VPN MPLS Architecture 3
[Figure: AS30 with routers P2, P3 and PE3; PE routers hold VRF_1, VRF_2 and a routing table RT; customer network 10.40.0.0/16]
- PE router maintains a separate routing table VRF per customer site
  - VRF (VPN Routing and Forwarding) Table
- holds global routing table RT for communication within MPLS cloud
  - maintained by IGP
  - forwarding within MPLS cloud is based on labels distributed by LDP

VPN MPLS Architecture 4
[Figure: same topology as above]
- VRF table
  - contains Net-IDs received from corresponding site via RIPv2, OSPF, External BGP session or static routes
  - contains NET-IDs received from other PE routers via Internal MP-BGP Sessions
  - received as VPN-IPv4 addresses, hence overlapping addresses are no problem
- MP-BGP uses:
  - MP_Reach_NLRI attribute
    - Next-Hop
    - VPN-IPv4_NLRI: RD = Route Distinguisher, Net, Label
  - Extended Community attr.
    - RT = Route Target

New Network at 1
[Figure: same topology; Routing Update from: 10.10/16 exist]
- VRF_1 (): 10.10/16 via; Label 3248
- will generate a unique local label associated with this new route
- Routing Update will install a new route in the corresponding VRF table of and hence the new route must be advertised to all other PEs via Internal MP-BGP as VPN-IPv4 address

Advertise Network to PE's 2
[Figure: same topology; Routing Update from via Internal MP-BGP to all other PE's]
- VPN #1 VPN-IPv4 update:
  - RD (ID to uniquely distinguish Net from other nets) = 30:1
  - Net = 10.10/16, Next-Hop =
  - Label that should be used to reach this Net = 3248
  - RT (Hint to which VRF's this Net should be imported) = Orange

New Network at /5 3
[Figure: AS30 with routers P2, P3 and PE3; customer network 10.40.0.0/16; Routing Update from received at PE 2]
- VPN-IPv4 update: RD = 30:1, Net = 10.10/16, Next-Hop =, Label = 3248, RT = Orange
- New Route put into VRF_1 based on RT=Orange
- VRF_1 (): 10.10/16 via use 3248
- VRF_2 ()
- Routing Update to 5: 10.10/16 exist

New Network at PE3/3 4
[Figure: same topology; Routing Update from received at PE 3]
- VPN-IPv4 update: RD = 30:1, Net = 10.10/16, Next-Hop =, Label = 3248, RT = Orange
- New Route put into VRF_1 based on RT=Orange
- VRF_1 (PE3): 10.10/16 via use 3248
- FIB (RT PE3): via P2 use 89
- Routing Update to 3: 10.10/16 exist
- RT (3): 10.10/16 via PE3

MPLS_VPN in Action 1
[Figure: packet for 10.10.0.23 on the hops to PE3 and from PE3 to P2, with LSP label 89 and VPN label 3248]
- VRF_1 (PE3): 10.10/16 via use 3248
- FIB (RT PE3): via P2 use 89
- LFIB (PE3): In -, Out 89

MPLS_VPN in Action 2
[Figure: packet for 10.10.0.23 from PE3 to P2 with labels 89 and 3248, and onward from P2 with labels 77 and 3248]
- FIB (RT P2): via use 77
- LFIB (P2): In 89, Out 77

MPLS_VPN in Action 3
[Figure: packet for 10.10.0.23 forwarded from P2 with VPN label 3248; routers P2, P3 and PE3; customer network 10.40.0.0/16]
- FIB (RT ): via use null
- LFIB (): In 77, Out POP

MPLS_VPN in Action 4
[Figure: packet for 10.10.0.23 arrives with VPN label 3248 and is forwarded without a label]
- VRF_1 (): 10.10/16 via
- Label 3248

MPLS VPN Types
- VPNs not overlapping (Intranet)
  [Figure: Site-1 to Site-4 in VPN-1 and VPN-2]
  - site-2 networks can reach site-1 networks and vice versa,
  - site-3 networks can reach site-4 networks and vice versa.
- VPNs overlapping (Intranet/Extranet)
  [Figure: Site-1 to Site-4 in VPN-1, VPN-2 and VPN-3]
  - site-2 networks can reach site-1 and site-3 networks,
  - site-3 networks can reach site-4 and site-3 networks,
  - site-1 networks can reach site-2 networks only,
  - site-4 networks can reach site-3 networks only.

A New Sight of VPN
- For non-overlapping VPNs
  - The Route Distinguisher would be sufficient
- For overlapping VPNs
  - The Route Distinguisher is not sufficient to achieve the new sight (the Extranet policy) of VPNs
- In order to implement this new sight of VPNs in case of overlapping VPNs the Route Target was introduced in the MPLS_VPN Architecture

The real Role of the Route Target
- PE router which announces a route
  - uses the Route Target community to specify in which foreign VRFs the announced route should be installed
  - Route Target has export meaning
- PE router which receives a route
  - uses the received Route Target community to decide in which local VRFs the announced route should be installed
  - Route Target has import meaning

MPLS VPN (The Complete Story) 1
[Figure: two customer sites that both use 10.2.0.0 (RIPv2, C 10.2/16) and two sites using 10.3.0.0, connected across routers R1, R2 and R3 in AS 10 running LDP/TDP, OSPF, MP-BGP, MPLS]
- VRF: R 10.2/16 via; RD 10:200; RT I 100:300; RT E 100:300
- VRF: R 10.2/16 via; RD 10:100; RT I 100:200; RT E 100:200
- Redistributed into BGP: B 10:200 10.2/16 and B 10:100 10.2/16
- LDP/TDP labels for 1.1.1.1/32: do POP; use 36

MPLS VPN (The Complete Story) 2
[Figure: same topology; sites 10.2.0.0 (RIPv2, C 10.2/16) and 10.3.0.0 (RIPv2, C 10.3/16); IGP Metric, MED]
- MP-IBGP Update: NLRI 10:100 10.2/16; NH 1.1.1.1/32; RT E 100:200; VPN-Label 52
- MP-IBGP Update: NLRI 10:200 10.2/16; NH 1.1.1.1/32; RT E 100:300; VPN-Label 77
- LFIB: 52 S0(); 77 S1()
- LDP/TDP labels for 1.1.1.1/32: do POP; use 36
- Received: B 10:100 10.2/16 and B 10:200 10.2/16
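The export and import roles of the Route Target described above, modelled with the slide values (RD 10:100 / RT 100:200 / label 52 and RD 10:200 / RT 100:300 / label 77), including the 8-octet extended community encoding from the BGP Draft Attributes slides; this is an added example, not code from the original slides. VRF names, function names and the intended-reachability list are assumptions; the audit at the end reports VRF pairs that a Route Target joins but the design does not intend.

```python
"""Route Target export/import between PEs, with an RT reachability audit."""
import ipaddress
import struct
from dataclasses import dataclass, field

SUBTYPES = {0x02: "route-target", 0x03: "route-origin"}   # low type octet


def encode_rt(text):
    """'100:200' -> 8 octets: type 0x00 0x02, 2-octet AS, 4-octet local value."""
    asn, local = (int(part) for part in text.split(":"))
    return struct.pack("!BBHI", 0x00, 0x02, asn, local)


def decode_ext_community(raw):
    """Return (kind, 'global:local'); the high type octet selects the layout."""
    if len(raw) != 8:
        raise ValueError("extended community must be 8 octets")
    high, low = raw[0], raw[1]
    if low not in SUBTYPES:
        raise ValueError(f"unhandled low type octet 0x{low:02x}")
    if high == 0x00:                       # 2-octet AS + 4-octet local admin
        glob, local = struct.unpack("!HI", raw[2:])
    elif high == 0x01:                     # IPv4 address + 2-octet local admin
        glob, local = ipaddress.IPv4Address(raw[2:6]), int.from_bytes(raw[6:], "big")
    elif high == 0x02:                     # 4-octet AS + 2-octet local admin
        glob, local = struct.unpack("!IH", raw[2:])
    else:
        raise ValueError(f"unhandled high type octet 0x{high:02x}")
    return SUBTYPES[low], f"{glob}:{local}"


@dataclass
class Vrf:
    name: str                              # hypothetical VRF names
    rd: str
    import_rts: set
    export_rts: set
    routes: dict = field(default_factory=dict)   # prefix -> (rd, next hop, label)


def export_update(vrf, prefix, next_hop, label):
    """Build what the announcing PE sends for one VRF route."""
    return {"rd": vrf.rd, "prefix": prefix, "next_hop": next_hop, "label": label,
            "ext_communities": [encode_rt(rt) for rt in sorted(vrf.export_rts)]}


def import_update(local_vrfs, update):
    """Install the route in each local VRF that imports one of its RTs."""
    rts = {value for kind, value in map(decode_ext_community, update["ext_communities"])
           if kind == "route-target"}
    installed = []
    for vrf in local_vrfs:
        if vrf.import_rts & rts:
            vrf.routes[update["prefix"]] = (update["rd"], update["next_hop"], update["label"])
            installed.append(vrf.name)
    return installed


def audit_rt_reachability(vrfs, intended):
    """Return (exporter, importer) pairs joined by an RT but absent from `intended`."""
    actual = {(a.name, b.name) for a in vrfs for b in vrfs
              if a is not b and a.export_rts & b.import_rts}
    return sorted(actual - set(intended))


def demo():
    # Constructed topology using the RD/RT/label values from the slides.
    a1 = Vrf("A-site1", "10:100", {"100:200"}, {"100:200"})
    b1 = Vrf("B-site1", "10:200", {"100:300"}, {"100:300"})
    a3 = Vrf("A-site3", "10:100", {"100:200"}, {"100:200"})
    b3 = Vrf("B-site3", "10:200", {"100:300"}, {"100:300"})
    updates = [export_update(a1, "10.2.0.0/16", "1.1.1.1", 52),
               export_update(b1, "10.2.0.0/16", "1.1.1.1", 77)]
    placed = [import_update([a3, b3], u) for u in updates]
    intended = [("A-site1", "A-site3"), ("A-site3", "A-site1"),
                ("B-site1", "B-site3"), ("B-site3", "B-site1")]
    clean = audit_rt_reachability([a1, b1, a3, b3], intended)
    b3.import_rts.add("100:200")           # simulated provisioning mistake
    leaked = audit_rt_reachability([a1, b1, a3, b3], intended)
    return placed, a3.routes, b3.routes, clean, leaked
```

Both customers announce 10.2.0.0/16, yet each route lands only in the VRF whose import RT matches, while one extra import RT on a VRF is enough for the audit to report cross-customer reachability.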

MPLS VPN (The Complete Story) 3

[Diagram: R1, R2 and R3 in AS 10 (LDP/TDP, OSPF, MP-BGP, MPLS); two sites 10.2.0.0 and two sites 10.3.0.0.]

Sites 10.2.0.0 (RIPv2): C 10.2/16
Sites 10.3.0.0 (RIPv2): C 10.3/16, R 10.2/16
MP-IBGP Update: NLRI 10:100 10.2/16, NH 1.1.1.1/32, RT E 100:200, VPN-Label 52
MP-IBGP Update: NLRI 10:200 10.2/16, NH 1.1.1.1/32, RT E 100:300, VPN-Label 77
MP-BGP table: B 10:100 10.2/16 Lab 52; B 10:200 10.2/16 Lab 77
VRF (RD 10:100, RT I 10:200, RT E 10:200): R 10.3/16 via; B 10.2/16 via 1.1.1.1/32 Lab 52
VRF (RD 10:200, RT I 100:300, RT E 100:300): R 10.3/16 via; B 10.2/16 via 1.1.1.1/32 Lab 77
Redist. (shown for each VRF)
R3: OSPF O 1.1.1.1/32 via R2
LFIB: 52 S0(), 77 S1()
Labels for 1.1.1.1/32: "do POP", "use 36"
Labels: MED, IGP Metric

MPLS VPN (The Complete Story) 4

[Diagram: a packet for 10.2.2.2 travelling between the sites 10.3.0.0 and 10.2.0.0 across R3, R2 and R1.]

R3: FIB VRF: B 10.2/16 via 1.1.1.1/32 use label 36; 52
R3: packet with labels 36, 52 for 10.2.2.2
R2: POP 36; packet with label 52 for 10.2.2.2
R1: LFIB 52 S0(), 77 S1(); removes VPN label; packet for 10.2.2.2
Site 10.3.0.0 (RIPv2): C 10.3/16, R 10.2/16

R3 has one FIB per RT:
  One FIB for global RT
  One FIB for VRF RT
  One FIB for VRF RT
Each MPLS-Router has exactly one LFIB.
PE routers must be connected with routers via (sub) interfaces.

Example for Overlapping VPNs using Different Route Targets

[Diagram: routers R1, R2 and R3 (HQ); networks 10.1/16, 10.2/16 and 10.3/16.
 VRF settings shown: RD = 10:201, RTI=10:100, RTE=10:100; RTI=10:100, RTE=10:100; RD = 10:200, RTI=10:200, RTE=10:200; RD = 10:202, RTI=10:200, RTE=10:200.
 IBGP updates shown: 10.1/16 RTE=10:100 (twice); 10.2/16 RTE=10:200 (twice); 10.3/16 RTE=10:100; 10.3/16 RTE=10:200.]

IBGP Split Horizon Rule assures that R3 (HQ) does not forward routes learned by peers.
IP addresses must be unique in overlapping situations!
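The route-target matching and the address-uniqueness rule from the slides above, as an added Python example that is not part of the original deck: it replays the two MP-IBGP updates shown (RD 10:100 / RT 100:200 / label 52 and RD 10:200 / RT 100:300 / label 77) against a receiving PE and audits the result. The VRF names, and the extranet VRF that imports both route targets, are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Vpnv4Update:
    rd: str                # route distinguisher, makes the VPNv4 NLRI unique
    prefix: str            # customer IPv4 prefix
    next_hop: str          # loopback of the announcing PE
    rt_export: frozenset   # route targets attached by the announcing PE
    vpn_label: int


# The two MP-IBGP updates from the slides: same prefix, different RD/RT/label.
UPDATES = [
    Vpnv4Update("10:100", "10.2.0.0/16", "1.1.1.1", frozenset({"100:200"}), 52),
    Vpnv4Update("10:200", "10.2.0.0/16", "1.1.1.1", frozenset({"100:300"}), 77),
]

# Constructed VRF names; one import route target each, values as on the slides.
SEPARATE = {"VRF_A": {"100:200"}, "VRF_B": {"100:300"}}
# Constructed extranet case: VRF_X imports both route targets.
OVERLAP = {"VRF_A": {"100:200"}, "VRF_X": {"100:200", "100:300"}}


def import_routes(updates, vrf_imports):
    """Receiving PE: install an update into every local VRF whose import
    route targets intersect the route targets carried by the update."""
    tables = {name: [] for name in vrf_imports}
    for u in updates:
        for name, rts in vrf_imports.items():
            if u.rt_export & rts:
                tables[name].append(u)
    return tables


def address_conflicts(tables):
    """Report VRFs holding the same IPv4 prefix under different RDs, i.e.
    overlapping VPNs whose address space is not unique."""
    conflicts = {}
    for name, routes in tables.items():
        rds_by_prefix = {}
        for u in routes:
            rds_by_prefix.setdefault(u.prefix, set()).add(u.rd)
        dup = {p: sorted(r) for p, r in rds_by_prefix.items() if len(r) > 1}
        if dup:
            conflicts[name] = dup
    return conflicts


if __name__ == "__main__":
    for cfg in (SEPARATE, OVERLAP):
        tables = import_routes(UPDATES, cfg)
        for name, routes in tables.items():
            print(name, [(u.rd, u.prefix, u.vpn_label) for u in routes])
        print("conflicts:", address_conflicts(tables))
```

Run against an inventory of configured import and export route targets, the same check flags a VRF that would receive one customer prefix from two different VPNs before the change is deployed.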

IP Addressing, OSPF Routing in VPN_1, Basic OSPF Routing and MPLS in

[Diagram labels: MPLS Switching; Core IGP = OSPF; "- OSPF" on each side]

:
  ip address 10.1.1.5 255.255.255.252
  router ospf 10
  network 10.1.1.5 0.0.0.0 area 0

:
  ip cef
  ip address 10.255.1.1 255.255.255.255
  ip address 10.1.1.6 255.255.255.252
  int e0
  ip address 10.0.11.1 255.255.255.0
  mpls ip
  router ospf 100
  network 10.0.11.1 0.0.0.0 area 0

:
  ip address 10.1.2.5 255.255.255.252
  router ospf 10
  network 10.1.2.5 0.0.0.0 area 0

:
  ip cef
  ip address 10.255.2.2 255.255.255.255
  ip address 10.1.2.6 255.255.255.252
  int e0
  ip address 10.0.12.2 255.255.255.0
  mpls ip
  router ospf 100
  ! with wildcard 0.0.0.0 the network statement must equal the e0 address
  network 10.0.12.2 0.0.0.0 area 0

Start Normal I-BGP in

[Diagram label: I-MP-BGP for normal IPv4]

:
  ip address 10.255.1.1 255.255.255.255
  bgp router-id 10.255.1.1
  neighbor 10.255.2.2 remote-as 100
  neighbor 10.255.2.2 update-source loop 0
  address-family ipv4
  neighbor 10.255.2.2 next-hop-self
  neighbor 10.255.2.2 activate (default)
  no synchronization (default)
  exit-address-family

:
  ip address 10.255.2.2 255.255.255.255
  bgp router-id 10.255.2.2
  neighbor 10.255.1.1 remote-as 100
  neighbor 10.255.1.1 update-source loop 0
  address-family ipv4
  neighbor 10.255.1.1 next-hop-self
  neighbor 10.255.1.1 activate (default)
  no synchronization (default)
  exit-address-family

Start MP-BGP in

[Diagram label: I-MP-BGP for]

BGP-RT :
  ip address 10.255.1.1 255.255.255.255
  bgp router-id 10.255.1.1
  neighbor 10.255.2.2 remote-as 100
  neighbor 10.255.2.2 update-source loop 0
  address-family vpnv4
  neighbor 10.255.2.2 activate
  neighbor 10.255.2.2 next-hop-self
  neighbor 10.255.2.2 send-community extended (default)

BGP-RT :
  ip address 10.255.2.2 255.255.255.255
  bgp router-id 10.255.2.2
  neighbor 10.255.1.1 remote-as 100
  neighbor 10.255.1.1 update-source loop 0
  address-family vpnv4
  neighbor 10.255.1.1 activate
  neighbor 10.255.1.1 next-hop-self
  neighbor 10.255.1.1 send-community extended

Create VRF and Bring Interface into VRF (PE router)

:
  route-target import 100:1
  route-target export 100:1
  ip address 10.1.1.6 255.255.255.252

:
  route-target import 100:1
  route-target export 100:1
  ip address 10.1.2.6 255.255.255.252

Start Dynamic Routing (OSPF) towards (PE router)

[Diagram labels: "- OSPF" on each side; 10.10/16; "10.10/16 via"; "10.20/16 via"; 10.20/16]

:
  route-target import 100:1
  route-target export 100:1
  ip address 10.1.1.6 255.255.255.252
  router ospf 110 vrf VPN_1
  network 10.1.1.6 0.0.0.0 area 0

:
  route-target import 100:1
  route-target export 100:1
  ip address 10.1.2.6 255.255.255.252
  router ospf 120 vrf VPN_1
  network 10.1.2.6 0.0.0.0 area 0

Redistributing VRF OSPF into MP-BGP and Transport of routes via I-MP-BGP (PE router)

[Diagram labels: "10.10/16 via"; "10.20/16 via"; I-MP-BGP for; MP-BGP entries B 100:1 10.10/16 and B 100:1 10.20/16, shown twice]

:
  router ospf 110 vrf VPN_1
  network 10.1.1.6 0.0.0.0 area 0
  redistribute ospf 110 match internal
  no synchronization

:
  router ospf 120 vrf VPN_1
  network 10.1.2.6 0.0.0.0 area 0
  redistribute ospf 120 match internal
  no synchronization

Redistribution of routes into VRF OSPF (PE router)

[Diagram labels: 10.10/16; "10.10/16 via" (twice); 10.20/16; "10.20/16 via" (twice); MP-BGP entries B 100:1 10.10/16 and B 100:1 10.20/16, shown twice]

:
  router ospf 110 vrf VPN_1
  network 10.1.1.6 0.0.0.0 area 0
  redistribute bgp 100 metric <20> subnets
  redistribute ospf 100 match internal

:
  router ospf 120 vrf VPN_1
  network 10.1.2.6 0.0.0.0 area 0
  redistribute bgp 100 metric <20> subnets
  redistribute ospf 100 match internal

IP Addressing, Static Routing in VPN_1, Basic OSPF Routing and MPLS in

[Diagram labels: MPLS Switching; Core IGP = OSPF; SR to 10.20/16; SR to 10.10/16]

:
  ip address 10.1.1.5 255.255.255.252
  ip route 10.20.0.0 255.255.0.0 10.1.1.6

(OSPF and MPLS in Backbone):
  ip cef
  ip address 10.255.1.1 255.255.255.255
  ip address 10.1.1.6 255.255.255.252
  int e0
  ip address 10.0.11.1 255.255.255.0
  mpls ip
  router ospf 100
  network 10.0.11.1 0.0.0.0 area 0

:
  ip address 10.1.2.5 255.255.255.252
  ip route 10.10.0.0 255.255.0.0 10.1.2.6

(OSPF and MPLS in Backbone):
  ip cef
  ip address 10.255.2.2 255.255.255.255
  ip address 10.1.2.6 255.255.255.252
  int e0
  ip address 10.0.12.2 255.255.255.0
  mpls ip
  router ospf 100
  ! with wildcard 0.0.0.0 the network statement must equal the e0 address
  network 10.0.12.2 0.0.0.0 area 0

Start Normal I-BGP in

[Diagram label: I-MP-BGP for normal IPv4]

:
  ip address 10.255.1.1 255.255.255.255
  bgp router-id 10.255.1.1
  neighbor 10.255.2.2 remote-as 100
  neighbor 10.255.2.2 update-source loop 0
  address-family ipv4
  neighbor 10.255.2.2 next-hop-self
  neighbor 10.255.2.2 activate (default)
  no synchronization (default)
  exit-address-family

:
  ip address 10.255.2.2 255.255.255.255
  bgp router-id 10.255.2.2
  neighbor 10.255.1.1 remote-as 100
  neighbor 10.255.1.1 update-source loop 0
  address-family ipv4
  neighbor 10.255.1.1 next-hop-self
  neighbor 10.255.1.1 activate (default)
  no synchronization (default)
  exit-address-family

Start MP-BGP in

[Diagram label: I-MP-BGP for]

BGP-RT :
  ip address 10.255.1.1 255.255.255.255
  bgp router-id 10.255.1.1
  neighbor 10.255.2.2 remote-as 100
  neighbor 10.255.2.2 update-source loop 0
  address-family vpnv4
  neighbor 10.255.2.2 activate
  neighbor 10.255.2.2 next-hop-self
  neighbor 10.255.2.2 send-community extended (default)

BGP-RT :
  ip address 10.255.2.2 255.255.255.255
  bgp router-id 10.255.2.2
  neighbor 10.255.1.1 remote-as 100
  neighbor 10.255.1.1 update-source loop 0
  address-family vpnv4
  neighbor 10.255.1.1 activate
  neighbor 10.255.1.1 next-hop-self
  neighbor 10.255.1.1 send-community extended

Create VRF and Bring Interface into VRF (PE router)

:
  route-target import 100:1
  route-target export 100:1
  ip address 10.1.1.6 255.255.255.252

:
  route-target import 100:1
  route-target export 100:1
  ip address 10.1.2.6 255.255.255.252

Static Routing (SR) towards (PE router)

[Diagram labels: SR to 10.10/16; "10.10/16 via"; "10.20/16 via"; SR to 10.20/16]

:
  route-target import 100:1
  route-target export 100:1
  ip address 10.1.1.6 255.255.255.252
  ip route vrf VPN_1 10.10.0.0 255.255.0.0 serial 0 10.1.1.5

:
  route-target import 100:1
  route-target export 100:1
  ip address 10.1.2.6 255.255.255.252
  ip route vrf VPN_1 10.20.0.0 255.255.0.0 serial 0 10.1.2.5

Redistributing Static into MP-BGP and Transport of Static routes via I-MP-BGP (PE router)

[Diagram labels: "10.10/16 via"; "10.20/16 via"; I-MP-BGP for; MP-BGP entries B 100:1 10.10/16 and B 100:1 10.20/16, shown twice]

:
  redistribute static
  no synchronization

:
  redistribute static
  no synchronization

IP Addressing, RIPv2 Routing in VPN_1, Basic OSPF Routing and MPLS in

[Diagram labels: MPLS Switching; Core IGP = OSPF; "- RIPv2" on each side]

:
  ip address 10.1.1.5 255.255.255.252
  router rip
  version 2
  network 10.0.0.0

:
  ip cef
  ip address 10.255.1.1 255.255.255.255
  ip address 10.1.1.6 255.255.255.252
  int e0
  ip address 10.0.11.1 255.255.255.0
  mpls ip
  router ospf 100
  network 10.0.11.1 0.0.0.0 area 0

:
  ip address 10.1.2.5 255.255.255.252
  router rip
  version 2
  network 10.0.0.0

:
  ip cef
  ip address 10.255.2.2 255.255.255.255
  ip address 10.1.2.6 255.255.255.252
  int e0
  ip address 10.0.12.2 255.255.255.0
  mpls ip
  router ospf 100
  ! with wildcard 0.0.0.0 the network statement must equal the e0 address
  network 10.0.12.2 0.0.0.0 area 0

Start Normal I-BGP in

[Diagram label: I-MP-BGP for normal IPv4]

:
  ip address 10.255.1.1 255.255.255.255
  bgp router-id 10.255.1.1
  neighbor 10.255.2.2 remote-as 100
  neighbor 10.255.2.2 update-source loop 0
  address-family ipv4
  neighbor 10.255.2.2 next-hop-self
  neighbor 10.255.2.2 activate (default)
  no synchronization (default)
  exit-address-family

:
  ip address 10.255.2.2 255.255.255.255
  bgp router-id 10.255.2.2
  neighbor 10.255.1.1 remote-as 100
  neighbor 10.255.1.1 update-source loop 0
  address-family ipv4
  neighbor 10.255.1.1 next-hop-self
  neighbor 10.255.1.1 activate (default)
  no synchronization (default)
  exit-address-family

Start MP-BGP in

[Diagram label: I-MP-BGP for]

BGP-RT :
  ip address 10.255.1.1 255.255.255.255
  bgp router-id 10.255.1.1
  neighbor 10.255.2.2 remote-as 100
  neighbor 10.255.2.2 update-source loop 0
  address-family vpnv4
  neighbor 10.255.2.2 activate
  neighbor 10.255.2.2 next-hop-self
  neighbor 10.255.2.2 send-community extended (default)

BGP-RT :
  ip address 10.255.2.2 255.255.255.255
  bgp router-id 10.255.2.2
  neighbor 10.255.1.1 remote-as 100
  neighbor 10.255.1.1 update-source loop 0
  address-family vpnv4
  neighbor 10.255.1.1 activate
  neighbor 10.255.1.1 next-hop-self
  neighbor 10.255.1.1 send-community extended

Create VRF and Bring Interface into VRF (PE router)

:
  route-target import 100:1
  route-target export 100:1
  ip address 10.1.1.6 255.255.255.252

:
  route-target import 100:1
  route-target export 100:1
  ip address 10.1.2.6 255.255.255.252

Start Dynamic Routing (RIPv2) towards (PE router)

[Diagram labels: "- RIPv2" on each side; 10.10/16; "10.10/16 via"; "10.20/16 via"; 10.20/16]

:
  ip address 10.1.1.6 255.255.255.252
  router rip
  version 2
  network 10.0.0.0

:
  ip address 10.1.2.6 255.255.255.252
  router rip
  version 2
  network 10.0.0.0

Redistributing VRF RIPv2 into MP-BGP and Transport of routes via I-MP-BGP (PE router)

[Diagram labels: "10.10/16 via"; "10.20/16 via"; I-MP-BGP for; MP-BGP entries B 100:1 10.10/16 and B 100:1 10.20/16, shown twice]

:
  redistribute rip
  no synchronization

:
  redistribute rip
  no synchronization

Redistribution of routes into VRF RIPv2 (PE router)

[Diagram labels: 10.10/16; "10.10/16 via" (twice); 10.20/16; "10.20/16 via" (twice); MP-BGP entries B 100:1 10.10/16 and B 100:1 10.20/16, shown twice]

:
  router rip
  version 2
  redistribute bgp 100 metric transparent
  redistribute rip

:
  router rip
  version 2
  redistribute bgp 100 metric transparent
  redistribute rip

IP Addressing, EBGP Routing in VPN_1, Basic OSPF Routing and MPLS in

[Diagram labels: MPLS Switching; Core IGP = OSPF; 10.255.1.1/32; 10.255.2.2/32; AS 55 and "- EBGP" on each side]

:
  ip address 10.1.1.5 255.255.255.252
  router bgp 55
  neighbor 10.1.1.6 remote-as 100
  network 10.10.0.0 mask 255.255.0.0

:
  ip cef
  ip address 10.255.1.1 255.255.255.255
  ip address 10.1.1.6 255.255.255.252
  int e0
  ip address 10.0.11.1 255.255.255.0
  mpls ip
  router ospf 100
  network 10.0.11.1 0.0.0.0 area 0

:
  ip address 10.1.2.5 255.255.255.252
  router bgp 55
  neighbor 10.1.2.6 remote-as 100
  network 10.20.0.0 mask 255.255.0.0

:
  ip cef
  ip address 10.255.2.2 255.255.255.255
  ip address 10.1.2.6 255.255.255.252
  int e0
  ip address 10.0.12.2 255.255.255.0
  mpls ip
  router ospf 100
  ! with wildcard 0.0.0.0 the network statement must equal the e0 address
  network 10.0.12.2 0.0.0.0 area 0

Start Normal I-BGP in

[Diagram label: I-MP-BGP for normal IPv4]

:
  ip address 10.255.1.1 255.255.255.255
  bgp router-id 10.255.1.1
  neighbor 10.255.2.2 remote-as 100
  neighbor 10.255.2.2 update-source loop 0
  address-family ipv4
  neighbor 10.255.2.2 next-hop-self
  neighbor 10.255.2.2 activate (default)
  no synchronization (default)
  exit-address-family

:
  ip address 10.255.2.2 255.255.255.255
  bgp router-id 10.255.2.2
  neighbor 10.255.1.1 remote-as 100
  neighbor 10.255.1.1 update-source loop 0
  address-family ipv4
  neighbor 10.255.1.1 next-hop-self
  neighbor 10.255.1.1 activate (default)
  no synchronization (default)
  exit-address-family

Start MP-BGP in

[Diagram label: I-MP-BGP for]

BGP-RT :
  ip address 10.255.1.1 255.255.255.255
  bgp router-id 10.255.1.1
  neighbor 10.255.2.2 remote-as 100
  neighbor 10.255.2.2 update-source loop 0
  address-family vpnv4
  neighbor 10.255.2.2 activate
  neighbor 10.255.2.2 next-hop-self
  neighbor 10.255.2.2 send-community extended (default)

BGP-RT :
  ip address 10.255.2.2 255.255.255.255
  bgp router-id 10.255.2.2
  neighbor 10.255.1.1 remote-as 100
  neighbor 10.255.1.1 update-source loop 0
  address-family vpnv4
  neighbor 10.255.1.1 activate
  neighbor 10.255.1.1 next-hop-self
  neighbor 10.255.1.1 send-community extended

Create VRF and Bring Interface into VRF (PE router)

:
  route-target import 100:1
  route-target export 100:1
  ip address 10.1.1.6 255.255.255.252

:
  route-target import 100:1
  route-target export 100:1
  ip address 10.1.2.6 255.255.255.252

Start Dynamic Routing towards using EBGP
Redistribute into MP-BGP and vice versa

[Diagram labels: AS 55 and "- EBGP" on each side; 10.10/16; "10.10/16 via" (twice); 10.20/16; "10.20/16 via" (twice); MP-BGP entries B 100:1 10.10/16 and B 100:1 10.20/16, shown twice]

:
  neighbor 10.1.2.5 remote-as 55
  neighbor 10.1.2.5 activate
  no synchronization

:
  neighbor 10.1.1.5 remote-as 55
  neighbor 10.1.1.5 activate
  no synchronization